Economic Crime and Corporate Transparency Act examined: A guide to avoiding the failure-to-prevent fraud offence

February 6 2025

by Payments Intelligence


What is this article about?

It examines the Economic Crime and Corporate Transparency Act 2023, specifically the “failure-to-prevent fraud” offence, and outlines how businesses can mitigate fraud risks.

Why is it important?

It highlights new corporate responsibilities, significant penalties for non-compliance, and the need for businesses to implement strong fraud prevention measures to protect their financial and reputational standing.

What’s next?

Businesses must proactively assess fraud risks, implement adequate procedures, leverage technology for fraud detection, and foster a culture of compliance to avoid regulatory penalties.

On 6 November 2024, the government released its guidance to organisations on the offence of failure to prevent fraud, introduced as part of the Economic Crime and Corporate Transparency Act 2023 (ECCTA). This legislation represents a significant shift in corporate accountability, aiming to strengthen the UK’s legal framework against financial crime.

The ECCTA is designed to enhance corporate transparency, combat economic crime, and impose stricter responsibilities on businesses to prevent fraud within their operations. The failure-to-prevent fraud offence ensures that organisations can no longer claim ignorance when fraud is committed by employees, agents, or subsidiaries acting on their behalf.

With fraud becoming one of the most prevalent economic crimes in the UK, this act is a response to growing concerns over corporate misconduct, financial misrepresentation, and economic crime loopholes. The introduction of severe penalties—including unlimited fines—highlights the government’s commitment to ensuring businesses implement robust anti-fraud measures and prioritise ethical governance.

For companies operating in the UK, understanding the implications of this legislation is critical. Compliance requires proactive fraud risk assessment, the implementation of preventive procedures, and a culture of accountability. This article explores the key provisions of the Act, the risks businesses must address, and the steps required to mitigate potential liabilities.

Key takeaways

The New Corporate Fraud Offence

The Economic Crime and Corporate Transparency Act 2023 introduces a failure-to-prevent fraud offence. Businesses can be held liable if fraud is committed for their benefit by employees, agents, or other associates.

Who Is Affected?

Large organisations meeting at least two of the following criteria fall within the scope of the offence: an annual turnover exceeding £36 million, total balance sheet assets over £18 million, or more than 250 employees. While the law primarily targets large firms, smaller businesses may also face scrutiny depending on their activities.

Legal and Financial Risks

Failure to comply with the new law can lead to severe consequences, including unlimited fines, reputational damage, and increased regulatory oversight. Businesses must take proactive measures to strengthen their fraud prevention frameworks or risk significant financial and operational repercussions.

Adequate Procedures Defence

Organisations can avoid liability by demonstrating they have reasonable procedures in place to prevent fraud. The UK government outlines six guiding principles for compliance: proportionate procedures, leadership commitment, fraud risk assessment, due diligence, effective communication and training, and continuous monitoring and review.

The Shift to Proactive Compliance

The introduction of this legislation marks a shift from reactive fraud management to proactive compliance. Businesses must embed fraud prevention into their corporate culture, conduct regular risk assessments, implement robust monitoring systems, and foster an environment where whistleblowing is encouraged. Those that take early action will be best positioned to navigate the evolving regulatory landscape.

Key provisions of the Act

The Economic Crime and Corporate Transparency Act 2023 introduces a range of measures aimed at strengthening corporate responsibility and reducing economic crime in the UK. Among its key provisions is the failure-to-prevent fraud offence, which seeks to ensure that organisations actively implement safeguards against fraudulent activities within their operations. This section explores the core elements of the Act, including its scope, applicability, and the obligations it places on businesses.

Understanding the failure-to-prevent fraud offence

One of the key provisions of the Act is the “failure-to-prevent fraud” offence, designed to hold organisations accountable where, for example, an employee or associate commits fraud for the organisation’s benefit. While the offence primarily applies to large UK companies and partnerships, smaller entities may also come under scrutiny depending on their activities. The issue of fraud is growing in the UK: the average monetary loss per corporate fraud case was £21,433 in Q2 2023, the highest among all fraud types.

Businesses affected

The offence applies to large organisations, defined as those meeting two of the following three criteria:

  • Annual turnover exceeding £36 million.
  • Total balance sheet assets over £18 million.
  • More than 250 employees.

This threshold is intended to focus on entities with significant economic influence, though smaller organisations may still face scrutiny if their activities raise concerns. The penalties for firms that fail to meet the requirements are as follows:

  • Unlimited fines, which could have severe financial repercussions.
  • Reputational damage, leading to loss of trust among customers and stakeholders.
  • Increased regulatory oversight and potential restrictions on operations.

Key objectives of the act

The primary objectives of the 2023 Act include:

  1. Preventing and detecting economic crime: The Act seeks to close loopholes in existing legislation and give enforcement agencies greater powers to investigate and prosecute financial crimes such as fraud, money laundering, and corruption.

  2. Increasing corporate accountability: By introducing the failure-to-prevent fraud offence, the Act ensures that businesses take responsibility for fraud committed within their organisations, even if senior leadership was not directly involved.

  3. Enhancing corporate transparency: Strengthening Companies House oversight, requiring greater scrutiny of company registrations and preventing misuse of UK corporate structures by criminals.

  4. Improving law enforcement capabilities: Giving agencies such as the Serious Fraud Office (SFO) and National Crime Agency (NCA) enhanced investigative powers, including stronger tools for seizing assets linked to economic crime.

Failure to prevent fraud: What you need to know

Fraud remains one of the most significant threats to businesses, affecting financial stability, stakeholder trust, and regulatory compliance. The failure-to-prevent fraud offence was introduced to ensure that organisations proactively implement measures to detect and deter fraudulent activities. This section outlines the key aspects of the offence, including what constitutes a failure, how businesses can be held liable, and the necessary steps to mitigate risk.

What constitutes a failure to prevent fraud?

Under the Act, an organisation commits an offence if a person associated with the organisation commits fraud intending to benefit the organisation; this could be an employee, agent or subsidiary, for example.

It would also include a situation whereby an organisation fails to implement “reasonable procedures” to prevent such fraud.

The types of fraud covered under the offence include false accounting, fraudulent trading, cheating the public revenue, or any other offence also covered by the Fraud Act 2006.

Defences against liability

Firms can avoid prosecution if they are able to demonstrate that they had adequate procedures in place to prevent the fraud from occurring. The Government has issued guidance outlining the core principles businesses should follow; these include:

  • Proportionate procedures: Preventative measures should align with the size and risk exposure of the organisation.
  • Top-level commitment: Leadership should demonstrate clear support for fraud prevention.
  • Risk assessment: Businesses should actively assess and mitigate fraud risks.
  • Due diligence: Ensuring employees and third parties adhere to anti-fraud policies.
  • Communication and training: Educating employees and stakeholders on fraud risks.
  • Monitoring and review: Regularly updating fraud prevention measures.

Assessing and managing fraud risk

Effectively managing fraud risk requires organisations to proactively identify potential weaknesses, implement strong internal controls, and foster a culture of compliance. By conducting thorough risk assessments, businesses can pinpoint the areas most susceptible to fraud and develop strategies to mitigate exposure. The following section highlights common organisational vulnerabilities that fraudsters may exploit, as well as the importance of continuous monitoring and improvement.

Where vulnerabilities exist

Naturally, every organisation has areas of vulnerability. For most, fraud risks emerge from routine processes and relationships. Financial operations, such as accounts payable and receivable, are a prime target for fraudsters who may exploit weaknesses to manipulate invoices, divert funds, or process unauthorised payments.

Meanwhile, third-party relationships, such as those with contractors, vendors, or agents, pose significant risks if proper due diligence and oversight mechanisms are not in place and followed. 

Technology has further expanded the potential for vulnerabilities. Weak cybersecurity measures, outdated systems, or a lack of controls over digital access can, for example, provide an entry point for cybercriminals to manipulate financial data or steal consumers’ sensitive information. This risk is exacerbated for firms operating in a digital-first environment.

Taking proactive action

Conducting a risk assessment must be a continual process for firms looking to avoid repercussions. Organisations can ensure their defences remain as robust as possible by regularly reviewing operations, assessing third-party relationships, and monitoring evolving threats like cybercrime. 

Most importantly, a well-documented risk assessment forms part of the “adequate procedures” defence required under the Act, giving businesses a strong footing should their practices come under regulatory scrutiny. 

Ultimately, assessing risk is not just about avoiding the legal penalties on offer; it’s about safeguarding organisations against financial loss, reputational harm, and operational disruption. 

Penalties and enforcement

Failure to comply with the Act will likely result in significant financial penalties for firms. This will come alongside reputational damage and legal consequences. While the Act does not impose criminal liability on individuals within the organisation (unless they were personally involved in the fraud), the financial and operational impact of a conviction can be severe.

Enforcement agencies, such as the Serious Fraud Office (SFO) and the FCA, have been granted increased powers to investigate and prosecute organisations that fail to meet their obligations under the Act.

Implementing adequate procedures

Under the terms of the Act, firms can avoid liability for the failure-to-prevent fraud offence if they can demonstrate that they have “adequate procedures” in place. The government has outlined six guiding principles to help firms develop these procedures, ensuring they are tailored to the organisation’s size, complexity, and risk profile. 

These principles emphasise proportionality, strong leadership, thorough risk assessment, due diligence, effective communication, and ongoing monitoring. By following these guidelines, organisations can not only ensure that they are compliant but also build a more robust culture of fraud prevention that safeguards their reputation and operations. They are as follows:  

1) Proportionality of procedures

Adequate procedures should be proportionate to the size, nature, and complexity of the organisation in question. For large, multinational corporations, this might mean sophisticated fraud detection systems and detailed compliance programmes. For smaller firms, simpler measures such as basic due diligence and robust financial controls may be sufficient. The key is to implement controls that match the organisation’s risk profile without being overly burdensome. 

2) Top-level commitment

A clear directive from leadership must set the tone for fraud prevention. This will include promoting a culture of integrity, actively supporting anti-fraud measures, and ensuring that fraud prevention is embedded in the organisation’s values and operations. A visible commitment from senior management will help to ensure that anti-fraud policies are taken seriously across the entire organisation.

3) Risk assessment

A thorough and regular fraud risk assessment is the foundation of any effective prevention strategy. Firms are advised to identify the areas where they are most vulnerable to fraud, taking into account the nature of their operations, the industries in which they operate, and the associated persons acting on their behalf. These assessments should form the backbone of, and inform the development of, tailored policies and procedures.

4) Due diligence

Due diligence procedures play a pivotal role and are essential for understanding who an organisation is dealing with—whether employees, agents, suppliers, or customers. Proper background checks, monitoring of third-party activities, and ongoing evaluation of high-risk relationships can all help to prevent fraudulent activity from slipping through the cracks. This will be especially important in industries with complex supply chains or significant third-party involvement, for example. 

5) Communication (including training)

Firms must make their employees, and any relevant third parties, aware of all anti-fraud policies. Training programmes play a critical role in ensuring company staff understand their individual responsibilities, can identify fraud risks and know how to respond if suspicious activity is detected. Open communication will help firms to foster a culture where employees feel confident reporting concerns.

6) Monitoring and review

Fraud prevention is not a static process, meaning organisations must regularly monitor and review their procedures to ensure they remain effective in the face of evolving risks and operational changes. This could involve auditing controls, assessing the impact of new technologies, or adapting to changes in regulatory requirements. 

Tools and resources for fraud prevention

While policy plays a major role in preventing fraud, firms must also leverage technology, partnerships and best practices to stay ahead of evolving threats. The failure-to-prevent element of the Act means firms must ensure they have the right tools to support their compliance efforts.

It is advised that organisations should leverage a combination of fraud detection solutions, compliance frameworks, and training resources to build a robust fraud prevention strategy.

Technology solutions for fraud prevention

1) AI-powered fraud detection

Machine learning algorithms can analyse vast amounts of transactional data to detect anomalies, suspicious patterns, and potential fraud in real time. This includes solutions such as IBM Safer Payments and FICO Falcon Fraud Manager, as well as fraud detection features built into banking platforms like Revolut or Monzo. These AI-driven tools help financial institutions prevent fraudulent activities before they escalate.

2) Compliance and security measures

Transaction monitoring systems continuously monitor financial transactions for red flags, helping firms comply with anti-fraud regulations. Identity verification and Know Your Customer (KYC) solutions ensure that employees, customers, and third-party partners are who they claim to be, forming a critical part of fraud prevention. Whistleblowing platforms provide secure channels for employees to report suspected fraud anonymously, reducing the risk of internal misconduct going undetected. Additionally, some firms are beginning to use blockchain and digital ledger technologies to enhance transparency and prevent financial fraud in supply chains and payment systems.

3) Compliance and risk management frameworks

Beyond technology, businesses must ensure they are following industry best practices and regulatory frameworks to mitigate fraud risks. ISO 37001 (Anti-Bribery Management Systems) provides a structured approach for organisations to prevent corruption and fraud. The FCA’s financial crime guide outlines expectations for firms regarding anti-money laundering (AML) and fraud prevention. While primarily focused on bribery, the UK Bribery Act 2010 guidance aligns closely with fraud prevention measures. Additionally, best practices from the Association of Certified Fraud Examiners (ACFE) offer methodologies for fraud risk assessment and compliance programme development.

4) Partnerships and industry collaboration

Working with the right partners can significantly enhance an organisation’s fraud prevention capabilities. Engaging with legal and compliance consultants, such as law firms and compliance specialists, can assist in implementing robust fraud prevention strategies tailored to a business’s size and risk exposure. Joining industry groups and fraud networks, including The Payments Association, the Fraud Advisory Panel, and the Chartered Institute of Internal Auditors, provides valuable insights, training, and networking opportunities to stay ahead of evolving fraud threats. Collaborating with law enforcement and regulators, such as the Serious Fraud Office (SFO), National Crime Agency (NCA), and Financial Conduct Authority (FCA), helps payments firms better understand enforcement expectations and emerging risks.

5) Government resources and guidance

The UK government has provided official guidance to help organisations understand their responsibilities under the ECCTA and implement “reasonable procedures” to prevent fraud. Key resources include the Government’s Failure-to-Prevent Fraud guidance, a detailed document outlining what constitutes “adequate procedures” to prevent fraud. The Serious Fraud Office (SFO) guidelines on corporate liability provide clarity on how fraud-related offences are investigated and prosecuted. As part of the Act, Companies House reforms are introducing stricter identity verification and company registration processes to reduce corporate fraud. The National Economic Crime Centre (NECC) also provides resources as part of a collaborative initiative designed to coordinate responses to economic crime across multiple agencies.

Taking a proactive approach to fraud prevention

The failure-to-prevent fraud offence under the Economic Crime and Corporate Transparency Act has undoubtedly marked a significant shift in corporate accountability. Naturally, this places greater responsibility on organisations to prevent fraud before it happens.

Compliance is no longer simply a case of reacting to fraud; it requires a more proactive approach from firms, integrating robust procedures, structured approaches and a firm culture of integrity at every level of the business.

By conducting comprehensive fraud risk assessments, implementing effective monitoring tools, and fostering strong leadership commitment, firms can significantly reduce their exposure to financial crime and regulatory penalties. Leveraging tools such as AI-driven fraud detection, cybersecurity solutions, and industry collaboration strengthens defences and ensures fraud prevention strategies remain agile in an evolving risk landscape. 

Measuring success in this space is no longer just about avoiding the legal consequences of failing to prevent fraud, but about creating an environment where fraud cannot thrive. A business that prioritises ethical decision-making, encourages whistleblowing, and invests in fraud awareness training will benefit in the long term.

With regulatory scrutiny increasing and fraud tactics becoming more sophisticated, businesses that take early, decisive action will be best positioned to navigate the challenges ahead.
